Field of the Invention
The present invention relates to an image processing apparatus capable of being connected to from a mobile terminal, a method of controlling the same, and a storage medium.
Description of the Related Art
In recent years, a function for cooperating with a mobile terminal is provided in a multifunction peripheral which is one type of information communication process apparatus which includes various wireless communication functions. For example, a multifunction peripheral or the like equipped with wireless LAN, Bluetooth (registered trademark), or the like is known. In Japanese Patent Application No. 2014-230178, a technique for performing control of printing of a multifunction peripheral from a mobile terminal using Bluetooth is proposed.
As the multifunction peripheral, in addition to print control via Bluetooth, a user authentication function via a communication via Bluetooth from the mobile terminal is also considered. In such a case, it is necessary that the mobile terminal transmit confidential information such as a user ID and a password to the multifunction peripheral. An input range of the password is generally an English text code and eight characters or more. A path-encrypted communication between the mobile terminal and the multifunction peripheral for handling the confidential information in a communication path must be performed.
Conventionally, when performing a path-encrypted communication using Bluetooth, a device which receives a connection displays a PIN code, a device which requests the connection inputs the PIN code, key exchange is performed if there is a match, and encryption is implemented by those keys. The PIN code that is handled by Bluetooth is a six digit number.
However, there exists a problem in the conventional technique described above which is described below. Although the PIN code that is handled by Bluetooth is a six digit number, the input area of the password is generally set in a larger range. For this reason, when a brute force attack or the like is performed at a time of the PIN code input, there is a security threat in that password information will be obtained. Normally, if path-encryption is performed, a method in which an LTK (Long Term Key) is exchanged with the mobile terminal after PIN code verification is used. However, because it cannot be determined whether or not the mobile terminal obtained the LTK from the correct multifunction peripheral, there is a security threat of a malicious third party spoofing the multifunction peripheral, and obtaining the user ID and password sent from the mobile terminal side. Accordingly, it is necessary to realize user authentication information path-encryption by performing encryption from a correct, non-spoofed multifunction peripheral while maintaining higher complexity and cryptographic intensity than with a PIN code.